Exchange Online

Registering an Azure App

• Login to Azure Portal

• If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application from the Directories + subscriptions menu

• Browse to App Registration and select New registration

• On the App Registration page enter below information and click Register button

  • Name: (Enter a meaningful application name that will be displayed to users of the app)

  • Supported account types:

    • Select which accounts you would like your application to support. You should see the options similar to below. You can select “Accounts in this organizational directory only”:

      
    • Leave the Redirect URI as empty and Click Register

      
• Note the Application (client) ID, Directory (tenant) ID values

• Navigate to Manage -> Certificates and secrets on the left menu, to create a new client secret

• Provide a meaningful description and expiry to the secret, and click on Add

• Once a client secret is created, note its Value and store it somewhere safe. NOTE: this value cannot be viewed once you leave this page

• Navigate to Manage -> API permissions on the left menu, and Add a permission

• Select Microsoft APIs -> Microsoft Graph

• Select Application permissions

• Permissions required

  • For scanning

    • Microsoft Graph > Application permissions > Mail > Mail.Read

    • Microsoft Graph > Application permissions > User > User.Read.All

    • Microsoft Graph > Application permissions > DeviceManagementApps > DeviceManagementApps.Read.All

    • Microsoft Graph > Application permissions > MailboxSettings > MailboxSettings.Read

  • For tagging

    • Microsoft Graph > Application permissions > Mail > Mail.ReadWrite

• Once all the required permissions are added, Grant admin consent to them